
The MySQL security setup command mysql_secure_installation

Installing MySQL

Install through Homebrew by running brew install mysql.

When the installation finishes, it prints a Caveats notice like the following:

We've installed your MySQL database without a root password. To secure it run:
    mysql_secure_installation

MySQL is configured to only allow connections from localhost by default

To connect run:
    mysql -uroot

To have launchd start mysql now and restart at login:
  brew services start mysql
Or, if you don't want/need a background service you can just run:
  mysql.server start
           

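We can do a simple configuration by following these hints.

The security setup wizard mysql_secure_installation

After installing mysql with brew, the caveats tell us that root currently has no password. Running the mysql_secure_installation command takes care of the security setup.

The same approach also resolves the Access denied error when logging in with mysql -u root -p.

Start by running mysql_secure_installation. It fails with the following error: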

Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
           

At this point the /tmp/ directory does not contain a mysql.sock file. The file is created only when the mysql service starts, so run mysql.server start first. It prints:

Starting MySQL
. SUCCESS! 
           

Now mysql_secure_installation runs normally.

Setting up the password validation plugin

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: y 
           

Choosing the password policy

There are three levels of password validation policy:

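LOW    Length >= 8
# length of at least 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
# length of at least 8, plus digits, mixed-case letters and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
# length of at least 8, plus digits, mixed-case letters, special characters and a dictionary file (choose with care!)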

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
Please set the password for root here.

New password: (enter your password)
Re-enter new password: (enter your password again)
           

Setting a new password that satisfies the policy

Estimated strength of the password: 50 		# password strength
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
           

Removing anonymous users

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother.
You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
           

Disallowing remote root login

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
           

Removing the test database

By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.
           

Done

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
# whether to reload the privilege tables
Success.

All done! 
           

You can now connect with a password using mysql -u root -p.

Problems you may run into

Your password does not satisfy the current policy requirements.

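If you accidentally chose 2 when selecting the password policy, that is, the combination of digits, mixed-case letters, special characters and a dictionary file, setting the password produces the following message: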

Your password does not satisfy the current policy requirements.
           

Re-running mysql_secure_installation at this point does not give you another chance to choose the policy either. (Forced smile.)

The fix is as follows.

Log in with mysql -uroot and run:

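set global validate_password_policy=0;  
# sets the password policy to LOW, so all-digit or all-letter passwords are accepted
           

Under the LOW policy the minimum password length is still 8. If you want to use a password such as 123456, run:

set global validate_password_length=4;  
# minimum length of 4 characters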
           

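Now re-run mysql_secure_installation and you can set the password without trouble.

Related parameters

validate_password_dictionary_file: path of the dictionary file the plugin uses to check password strength.

validate_password_length: minimum password length.

validate_password_mixed_case_count: minimum number of lowercase letters and of uppercase letters the password must contain.

validate_password_number_count: minimum number of digits the password must contain.

validate_password_policy: password strength check level, 0/LOW, 1/MEDIUM, 2/STRONG.

validate_password_special_char_count: minimum number of special characters the password must contain.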
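How the parameters above combine under each policy level, as an added example: this is a simplified Python model written for this page, not MySQL's own code. It assumes the plugin's default counts of 1 and the documented rule that the server raises validate_password_length to at least number_count + special_char_count + 2 * mixed_case_count; the sample passwords and the word list are constructed.

```python
# Added illustration: a simplified model of the validate_password checks (not MySQL source code).
from dataclasses import dataclass

LOW, MEDIUM, STRONG = 0, 1, 2

@dataclass
class Policy:
    policy: int = MEDIUM             # validate_password_policy
    length: int = 8                  # validate_password_length
    mixed_case_count: int = 1        # validate_password_mixed_case_count
    number_count: int = 1            # validate_password_number_count
    special_char_count: int = 1      # validate_password_special_char_count
    dictionary: frozenset = frozenset()  # words from validate_password_dictionary_file

    def effective_length(self) -> int:
        # The server raises a too-small length to this floor, so the
        # MEDIUM character-class counts can always fit in the password.
        floor = self.number_count + self.special_char_count + 2 * self.mixed_case_count
        return max(self.length, floor)

def violations(pw: str, p: Policy) -> list:
    """Return the reasons pw fails policy p (an empty list means accepted)."""
    out = []
    if len(pw) < p.effective_length():
        out.append("length")
    if p.policy >= MEDIUM:
        if sum(c.isdigit() for c in pw) < p.number_count:
            out.append("number_count")
        if min(sum(c.islower() for c in pw), sum(c.isupper() for c in pw)) < p.mixed_case_count:
            out.append("mixed_case_count")
        if sum(not c.isalnum() for c in pw) < p.special_char_count:
            out.append("special_char_count")
    if p.policy >= STRONG and p.dictionary:
        low = pw.lower()
        # STRONG: no substring of 4+ characters may match a dictionary word.
        if any(len(w) >= 4 and w.lower() in low for w in p.dictionary):
            out.append("dictionary")
    return out

if __name__ == "__main__":
    samples = ["123456", "abcdefgh", "Passw0rd!", "Xk9#mQ2$vL"]   # constructed samples
    words = frozenset({"password", "passw0rd"})                  # constructed word list
    for name, pol in [("default MEDIUM", Policy()),
                      ("policy=0", Policy(policy=LOW)),
                      ("policy=0, length=4", Policy(policy=LOW, length=4)),
                      ("STRONG + dictionary", Policy(policy=STRONG, dictionary=words))]:
        for pw in samples:
            print(f"{name:20} {pw:12} {violations(pw, pol) or 'accepted'}")
```

With the default counts, 4 is the lowest length the server will honour, which is why the value 4 used above is enough for 123456 but also removes nearly all of the protection the plugin offers.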
           
